{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T23:24:11Z","timestamp":1769729051735,"version":"3.49.0"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031750090","type":"print"},{"value":"9783031750106","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,11,20]],"date-time":"2024-11-20T00:00:00Z","timestamp":1732060800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,11,20]],"date-time":"2024-11-20T00:00:00Z","timestamp":1732060800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-75010-6_23","type":"book-chapter","created":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T01:38:24Z","timestamp":1731980304000},"page":"231-240","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Enhancing API Security Testing Against BOLA and\u00a0Authentication Vulnerabilities Through an\u00a0LLM-Enhanced Framework"],"prefix":"10.1007","author":[{"given":"Emil 
Marian","family":"Pasca","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rudolf","family":"Erdei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniela","family":"Delinschi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Oliviu","family":"Matei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,11,20]]},"reference":[{"key":"23_CR1","unstructured":"Broken Object Level Authorization (BOLA) | OWASP API Security, March 2024. Accessed 24 Mar 2024"},{"key":"23_CR2","unstructured":"Fine Grained Authorization Fixes Critical API Security Risks, February 2024. Accessed 21 Feb 2024"},{"key":"23_CR3","unstructured":"Why Business Logic Vulnerabilities Are Your #1 API Security Risk | APIsec, February 2024. Accessed 21 Feb 2024"},{"key":"23_CR4","unstructured":"Mistral, A.I.: Mistral 7B, March 2024. Accessed 22 Mar 2024"},{"key":"23_CR5","doi-asserted-by":"crossref","unstructured":"Deng, Y., Xia, C.S., Yang, C., Zhang, S.D., Yang, S., Zhang, L.: Large language models are edge-case generators: Crafting unusual programs for fuzzing deep learning libraries. In: Proceedings of the 46th IEEE\/ACM International Conference on Software Engineering, ICSE \u201924 2024. 
Association for Computing Machinery, New York (2024)","DOI":"10.1145\/3597503.3623343"},{"key":"23_CR6","unstructured":"Hu, J., Zhang, Q., Yin, H.: Augmenting greybox fuzzing with generative ai (2023)"},{"key":"23_CR7","doi-asserted-by":"crossref","unstructured":"Liu, Z., et al.: Bringing human-like interaction to mobile gui testing via functionality-aware decisions, Make llm a testing expert (2023)","DOI":"10.1145\/3597503.3639180"},{"key":"23_CR8","doi-asserted-by":"crossref","unstructured":"Martin-Lopez, A., Segura, S., Ruiz-Cort\u00e9s, A.: A catalogue of inter-parameter dependencies in restful web apis. In: Yangui, S., Rodriguez, I.B., Drira, K., Tari, Z. (eds.) Service-Oriented Computing, pp. 399\u2013414. Springer, Cham (2019)","DOI":"10.1007\/978-3-030-33702-5_31"},{"key":"23_CR9","doi-asserted-by":"crossref","unstructured":"Naeem, R.Z., Abbas, H., Shafqat, N., Saleem, K., Iqbal, W.: A framework to determine applications\u2019 authenticity. Procedia Comput. Sci. 155, 268\u2013275 (2019). The 16th International Conference on Mobile Systems and Pervasive Computing (MobiSPC 2019),The 14th International Conference on Future Networks and Communications (FNC-2019),The 9th International Conference on Sustainable Energy Information Technology","DOI":"10.1016\/j.procs.2019.08.038"},{"key":"23_CR10","unstructured":"OWASP API Security Project team. OWASP API Security Project | OWASP Foundation, January 2024. Accessed 21 Feb 2024"},{"key":"23_CR11","doi-asserted-by":"crossref","unstructured":"Schulz, S., Schaller, A., Kohnh\u00e4user, F., Katzenbeisser, S.: Boot attestation: Secure remote reporting with off-the-shelf iot sensors. Cryptology ePrint Archive, Paper 2017\/577 (2017). 
https:\/\/eprint.iacr.org\/2017\/577","DOI":"10.1007\/978-3-319-66399-9_24"},{"key":"23_CR12","doi-asserted-by":"crossref","unstructured":"Shin, S.Y., Pastore, F., Bianculli, D., Baicoianu, A.: Towards generating executable metamorphic relations using large language models (2024)","DOI":"10.1007\/978-3-031-70245-7_9"},{"key":"23_CR13","unstructured":"Shukla, P.: How BOLA Vulnerabilities Can Expose Sensitive Data: API Security Report. Cequence Security, October 2023"},{"key":"23_CR14","doi-asserted-by":"crossref","unstructured":"Siddiq, M.L., Santos, J.C.S., Tanvir, R.H., Ulfat, N., Al Rifat, F., Lopes, V.C.: Using large language models to generate junit tests: an empirical study (2024)","DOI":"10.1145\/3661167.3661216"},{"key":"23_CR15","unstructured":"Tufano, M., Drain, D., Svyatkovskiy, A., Deng, S.K., Sundaresan, N.: Unit test case generation with transformers and focal context (2021)"},{"key":"23_CR16","doi-asserted-by":"crossref","unstructured":"Michele Tufano, Dawn Drain, Alexey Svyatkovskiy, and Neel Sundaresan. Generating accurate assert statements for unit test cases using pretrained transformers. In Proceedings of the 3rd ACM\/IEEE International Conference on Automation of Software Test, AST \u201922. ACM, May 2022","DOI":"10.1145\/3524481.3527220"},{"key":"23_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101619","volume":"88","author":"D Wang","year":"2020","unstructured":"Wang, D., Zhang, X., Zhang, Z., Wang, P.: Understanding security failures of multi-factor authentication schemes for multi-server environments. Comput. Secur. 88, 101619 (2020)","journal-title":"Comput. Secur."},{"key":"23_CR18","unstructured":"Wang, J., Huang, Y., Chen, C., Liu, Z., Wang, S., Wang, Q.: Survey, landscape, and vision, Software testing with large language models (2024)"},{"key":"23_CR19","unstructured":"Chunqiu\u00a0Steven Xia, Matteo Paltenghi, Jia\u00a0Le Tian, Michael Pradel, and Lingming Zhang. 
Fuzz4all: Universal fuzzing with large language models, 2024"},{"key":"23_CR20","doi-asserted-by":"crossref","unstructured":"Yang, C., et al.: White-box compiler fuzzing empowered by large language models (2023)","DOI":"10.1145\/3689736"},{"key":"23_CR21","doi-asserted-by":"crossref","unstructured":"Yang, R., Li, G., Lau, W., Zhang, K., Hu, P.: Model-based security testing: an empirical study on oauth 2.0 implementations. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (2016)","DOI":"10.1145\/2897845.2897874"},{"key":"23_CR22","unstructured":"Zhang, T., et al.: Raft: Adapting language model to domain specific rag (2024)"}],"container-title":["Lecture Notes in Networks and Systems","The 19th International Conference on Soft Computing Models in Industrial and Environmental Applications SOCO 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-75010-6_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T02:05:06Z","timestamp":1731981906000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-75010-6_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,20]]},"ISBN":["9783031750090","9783031750106"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-75010-6_23","relation":{},"ISSN":["2367-3370","2367-3389"],"issn-type":[{"value":"2367-3370","type":"print"},{"value":"2367-3389","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,20]]},"assertion":[{"value":"20 November 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SOCO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International 
Conference on Soft Computing Models in Industrial and Environmental Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Salamanca","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icscmiea2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/2024.sococonference.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}